<?php

/**
 * @author Alexandr McArrow
 * @email alex.mcarrow@gmail.com
 * @company Macrox Lab
 * @copyright Macrox Lab by Alexandr McArrow 2008
 * @project WebCrypto
 */

session_start();

if (isset($_SESSION['uid']))
{
	$_SESSION['count']++;
}
else
{
	$_SESSION['uid']=uniqid("",true);
	$_SESSION['count']=1;
	$_SESSION['auth']=false;
	$_SESSION['user']="";
}

class WC_User{
	
	public $UID;
	public $LOGIN;
	public $PASS;
	public $AUTH;
	
	public $DATA;
	
	private $ERRORDATA;
	
	private $TTL = 10;
	
	
	
	function Redraw()
	{	
		$this->UID = $_SESSION['user'];
		$IN_uid = $this->UID;
		$IN_pass = $this->PASS;
		$IN_data = $this->DATA;
		
		if ($this->Get_by_UID())
		{
			
			if ($IN_pass == "")
			{
				$IN_pass = $this->PASS;
			}
			
			if ($IN_data == "")
			{
				$IN_data = $this->DATA;
			}
			
			
			$query = "UPDATE `user` SET `pass`='".$IN_pass."', `data`='".$IN_data."' WHERE `uid`='".$IN_uid."'";
			if (mysql_query($query))
			{
				$this->UID = $IN_uid;
				if ($this->Get_by_UID())
				{
					$this->Sess(true);
					return true;
				}
				else
				{
					$this->ERRORDATA[]="Redraw - Check Error";
					return false;
				}
			}
			else
			{	
				$this->ERRORDATA[]="Redraw - SQL Error";
				return false;
			}
		}
		else
		{
			$this->ERRORDATA[]="Redraw - User UID Error";
			return false;
		}
		
	}
	
	function RegNew()
	{
		$IN_login = $this->LOGIN;
		$IN_pass = $this->PASS;
		$IN_data = $this->DATA;
		
		if ($this->Get_by_LOGIN())
		{
			$this->ERRORDATA[]="RegNew - User dublicate";
			return false;
		}
		else
		{
			$IN_uid = uniqid("user_",false);
			$query = "INSERT INTO `user` VALUES ('".$IN_uid."','".$IN_login."','".$IN_pass."','".$IN_data."')";
			if (mysql_query($query))
			{
				$this->UID = $IN_uid;
				if ($this->Get_by_UID())
				{
					return true;
				}
				else
				{	
					$this->ERRORDATA[]="RegNew - Check Error";
					return false;
				}
			}
			else
			{
				$this->ERRORDATA[]="RegNew - SQL Error";
				return false;
			}
		}
		
	}
	
	function Auth()
	{	
		if ($_SESSION['user'] != "")
		{
			if ($_SESSION['ttl'] > time())
			{	
				$this->UID = $_SESSION['user'];
				if ($this->Get_by_UID())
				{
					if (sha1($this->UID.$this->LOGIN.$_SESSION['time']) === $_SESSION['hash'])
					{
						$this->Sess(true);
						return true;
					}
					else
					{
						$this->Sess(false);
						$this->ERRORDATA[]="Auth - HASH Error";
						return false;
					}
				}
				else
				{
					$this->Sess(false);
					$this->ERRORDATA[]="Auth - Wrong User UID";
					return false;
				}
			}
			else
			{
				$this->Sess(false);
				$this->ERRORDATA[]="Auth - Time out";
				return false;
			}
		}
		else
		{
			$this->Sess(false);
			$this->ERRORDATA[]="Auth - No User on Session";
			return false;
		}
	}
	
	function Login()
	{
		$IN_login = $this->LOGIN;
		$IN_pass = $this->PASS;
		
		if ($this->Get_by_LOGIN())
		{	
			if (($IN_login === $this->LOGIN) and ($IN_pass === $this->PASS))
			{
				$this->Sess(true);
				return true;	
			}
			else
			{
				$this->Sess(false);
				$this->ERRORDATA[]="Login - Wrong User Auth Data";
				return false;
			}			
		}
		else
		{
			$this->Sess(false);
			$this->ERRORDATA[]="Login - Wrong User Login";
			return false;
		}		
	}
	
	function Logout()
	{
		$this->Sess(false);
		return false;
	}
	
	function Sess($type)
	{
		if ($type == true)
		{
			$_SESSION['auth']=true;
			$_SESSION['user']=$this->UID;
			$_SESSION['time']=time();
			$_SESSION['ttl']=$_SESSION['time']+($this->TTL*60);
			$_SESSION['hash']=sha1($this->UID.$this->LOGIN.$_SESSION['time']);
			$this->AUTH=true;
		}
		else
		{
			$_SESSION['auth']=false;			
			$_SESSION['user']="";
			$_SESSION['time']=time();
			$_SESSION['ttl']=time();
			$_SESSION['hash']="";
			$this->AUTH=false;
		}
	}
	
	function Get_by_UID()
	{
		$query = "SELECT * FROM `user` WHERE `uid`='".$this->UID."'";
		$result = mysql_query($query);
		$USER = mysql_fetch_assoc($result);
		
		if ($USER['uid'] != "")
		{
		$this->UID = $USER['uid'];
		$this->LOGIN = $USER['login'];
		$this->PASS = $USER['pass'];
		$this->DATA = $USER['data'];
		return true;
		}
		else
		{
		return false;		
		}	
	}
	
	function Get_by_LOGIN()
	{
		$query = "SELECT * FROM `user` WHERE `login`='".$this->LOGIN."'";
		$result = mysql_query($query);
		$USER = mysql_fetch_assoc($result);
		
		if ($USER['uid'] != "")
		{
		$this->UID = $USER['uid'];
		$this->LOGIN = $USER['login'];
		$this->PASS = $USER['pass'];
		$this->DATA = $USER['data'];
		return true;
		}
		else
		{
		return false;		
		}		
			
	}
	
}

?>